Loading... Additional Content is being loaded

Windows Analysis Report
https://ipfs.io/ipfs/QmcZHgPdjzKZwSiGDPgHLVRcxMeWQsVgbWsmJC6BiQv1cS/

Overview

General Information

Sample URL:	https://ipfs.io/ipfs/QmcZHgPdjzKZwSiGDPgHLVRcxMeWQsVgbWsmJC6BiQv1cS/
Analysis ID:	1446163
Infos:

Detection

HTMLPhisher

Score:	76
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected phishing page

Antivirus / Scanner detection for submitted sample

Yara detected HtmlPhish10

AI detected suspicious javascript

Phishing site detected (based on image similarity)

Phishing site detected (based on logo match)

HTML body contains low number of good links

HTML body contains password input but no form action

HTML title does not match URL

Classification

Signatures

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://ipfs.io/ipfs/QmcZHgPdjzKZwSiGDPgHLVRcxMeWQsVgbWsmJC6BiQv1cS/	Avira URL Cloud: detection malicious, Label: phishing
Source: https://ipfs.io/ipfs/QmcZHgPdjzKZwSiGDPgHLVRcxMeWQsVgbWsmJC6BiQv1cS/	SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Phishing

AI detected phishing page

Source: https://ipfs.io/ipfs/QmcZHgPdjzKZwSiGDPgHLVRcxMeWQsVgbWsmJC6BiQv1cS/

LLM: Score: 8 brands: Microsoft OneDrive Reasons: The URL 'https://ipfs.io/ipfs/QmcZHgPdjzKZwSiGDPgHLVRcxMeWQsVgbWsmJC6BiQv1cS/' does not match the legitimate domain name for Microsoft OneDrive, which should be something like 'onedrive.live.com'. The use of IPFS (InterPlanetary File System) for hosting a OneDrive page is highly unusual and suspicious. The page mimics the appearance of a legitimate OneDrive page, which is a common social engineering technique used in phishing attacks. DOM: 0.0.pages.csv

Yara detected HtmlPhish10

Source: Yara match	File source: 0.0.pages.csv, type: HTML
Source: Yara match	File source: 0.1.pages.csv, type: HTML
Source: Yara match	File source: dropped/chromecache_61, type: DROPPED

AI detected suspicious javascript

Source: https://ipfs.io/ipfs/QmcZHgPdjzKZwSiGDPgHLVRcxMeWQsVgbWsmJC6BiQv1cS/

LLM: Score: 8 Reasons: The JavaScript code captures form data and sends it to an external URL (https://notmark.name.ng/dell/zob.php) via an AJAX POST request. This behavior is typical of phishing attacks where user credentials or other sensitive information are harvested. Additionally, the URL used does not appear to be associated with a legitimate or well-known service, increasing the likelihood of malicious intent. DOM: 0.0.pages.csv

Phishing site detected (based on image similarity)

Source: https://ipfs.io/ipfs/QmcZHgPdjzKZwSiGDPgHLVRcxMeWQsVgbWsmJC6BiQv1cS/

Matcher: Found strong image similarity, brand: MICROSOFT

Phishing site detected (based on logo match)

Source: https://ipfs.io/ipfs/QmcZHgPdjzKZwSiGDPgHLVRcxMeWQsVgbWsmJC6BiQv1cS/	Matcher: Template: onedrive matched
Source: https://ipfs.io/ipfs/QmcZHgPdjzKZwSiGDPgHLVRcxMeWQsVgbWsmJC6BiQv1cS/	Matcher: Template: microsoft matched

HTML body contains low number of good links

Source: https://ipfs.io/ipfs/QmcZHgPdjzKZwSiGDPgHLVRcxMeWQsVgbWsmJC6BiQv1cS/

HTTP Parser: Number of links: 0

HTML body contains password input but no form action

Source: https://ipfs.io/ipfs/QmcZHgPdjzKZwSiGDPgHLVRcxMeWQsVgbWsmJC6BiQv1cS/

HTTP Parser: <input type="password" .../> found but no <form action="...

HTML title does not match URL

Source: https://ipfs.io/ipfs/QmcZHgPdjzKZwSiGDPgHLVRcxMeWQsVgbWsmJC6BiQv1cS/

HTTP Parser: Title: does not match URL

Source: https://ipfs.io/ipfs/QmcZHgPdjzKZwSiGDPgHLVRcxMeWQsVgbWsmJC6BiQv1cS/

HTTP Parser: <input type="password" .../> found

Source: https://ipfs.io/ipfs/QmcZHgPdjzKZwSiGDPgHLVRcxMeWQsVgbWsmJC6BiQv1cS/	HTTP Parser: No favicon
Source: https://ipfs.io/ipfs/QmcZHgPdjzKZwSiGDPgHLVRcxMeWQsVgbWsmJC6BiQv1cS/	HTTP Parser: No favicon

Source: https://ipfs.io/ipfs/QmcZHgPdjzKZwSiGDPgHLVRcxMeWQsVgbWsmJC6BiQv1cS/	HTTP Parser: No <meta name="author".. found
Source: https://ipfs.io/ipfs/QmcZHgPdjzKZwSiGDPgHLVRcxMeWQsVgbWsmJC6BiQv1cS/	HTTP Parser: No <meta name="author".. found

Source: https://ipfs.io/ipfs/QmcZHgPdjzKZwSiGDPgHLVRcxMeWQsVgbWsmJC6BiQv1cS/	HTTP Parser: No <meta name="copyright".. found
Source: https://ipfs.io/ipfs/QmcZHgPdjzKZwSiGDPgHLVRcxMeWQsVgbWsmJC6BiQv1cS/	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 2.19.104.72:443 -> 192.168.2.4:49757 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.19.104.72:443 -> 192.168.2.4:49773 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /ipfs/QmcZHgPdjzKZwSiGDPgHLVRcxMeWQsVgbWsmJC6BiQv1cS/ HTTP/1.1Host: ipfs.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/images/microsoft_logo_ee5c8d9fb6248c938fd0.svg HTTP/1.1Host: logincdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ipfs.io/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: ipfs.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ipfs.io/ipfs/QmcZHgPdjzKZwSiGDPgHLVRcxMeWQsVgbWsmJC6BiQv1cS/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: ipfs.techConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ipfs.io/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /shared/5/images/microsoft_logo_ee5c8d9fb6248c938fd0.svg HTTP/1.1Host: logincdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: ipfs.techConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: ipfs.io
Source: global traffic	DNS traffic detected: DNS query: cdn.jsdelivr.net
Source: global traffic	DNS traffic detected: DNS query: cdn.glitch.global
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: logincdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: ipfs.tech

Source: chromecache_61.1.dr	String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/3.6.4/jquery.min.js
Source: chromecache_61.1.dr	String found in binary or memory: https://cdn.glitch.global/3b26bc0d-3c39-44da-a49e-84aefc634cd2/1.png
Source: chromecache_61.1.dr	String found in binary or memory: https://cdn.glitch.global/3b26bc0d-3c39-44da-a49e-84aefc634cd2/2.png
Source: chromecache_61.1.dr	String found in binary or memory: https://cdn.glitch.global/3b26bc0d-3c39-44da-a49e-84aefc634cd2/3.png
Source: chromecache_61.1.dr	String found in binary or memory: https://cdn.glitch.global/3b26bc0d-3c39-44da-a49e-84aefc634cd2/4.png
Source: chromecache_61.1.dr	String found in binary or memory: https://cdn.glitch.global/3b26bc0d-3c39-44da-a49e-84aefc634cd2/5.png
Source: chromecache_61.1.dr	String found in binary or memory: https://cdn.glitch.global/3b26bc0d-3c39-44da-a49e-84aefc634cd2/a.png
Source: chromecache_61.1.dr	String found in binary or memory: https://cdn.glitch.global/3b26bc0d-3c39-44da-a49e-84aefc634cd2/aa.png
Source: chromecache_61.1.dr	String found in binary or memory: https://cdn.glitch.global/3b26bc0d-3c39-44da-a49e-84aefc634cd2/b.png
Source: chromecache_61.1.dr	String found in binary or memory: https://cdn.glitch.global/3b26bc0d-3c39-44da-a49e-84aefc634cd2/c.png
Source: chromecache_61.1.dr	String found in binary or memory: https://cdn.glitch.global/3b26bc0d-3c39-44da-a49e-84aefc634cd2/d.png
Source: chromecache_61.1.dr	String found in binary or memory: https://cdn.glitch.global/3b26bc0d-3c39-44da-a49e-84aefc634cd2/e.png
Source: chromecache_61.1.dr	String found in binary or memory: https://cdn.glitch.global/3b26bc0d-3c39-44da-a49e-84aefc634cd2/f.png
Source: chromecache_61.1.dr	String found in binary or memory: https://cdn.jsdelivr.net/npm/bootstrap
Source: chromecache_76.1.dr, chromecache_49.1.dr	String found in binary or memory: https://getbootstrap.com/)
Source: chromecache_76.1.dr, chromecache_49.1.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/main/LICENSE)
Source: chromecache_76.1.dr	String found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)
Source: chromecache_61.1.dr	String found in binary or memory: https://logincdn.msftauth.net/shared/5/images/microsoft_logo_ee5c8d9fb6248c938fd0.svg
Source: chromecache_61.1.dr	String found in binary or memory: https://notmark.name.ng/dell/zob.php

Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778

Source: unknown	HTTPS traffic detected: 2.19.104.72:443 -> 192.168.2.4:49757 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.19.104.72:443 -> 192.168.2.4:49773 version: TLS 1.2

Source: classification engine

Classification label: mal76.phis.win@16/52@18/8

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 --field-trial-handle=2200,i,8465809809260521268,2692650552825108474,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://ipfs.io/ipfs/QmcZHgPdjzKZwSiGDPgHLVRcxMeWQsVgbWsmJC6BiQv1cS/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 --field-trial-handle=2200,i,8465809809260521268,2692650552825108474,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
169.150.247.39	ipfs.tech	United States		2711	SPIRITTEL-ASUS	false
185.93.3.244	unknown	Czech Republic		60068	CDN77GB	false
239.255.255.250	unknown	Reserved		unknown	unknown	false
192.229.221.185	cs1227.wpc.alphacdn.net	United States		15133	EDGECASTUS	false
142.250.184.228	www.google.com	United States		15169	GOOGLEUS	false
209.94.90.1	ipfs.io	United States		40680	PROTOCOLUS	true

Private

IP
192.168.2.4
192.168.2.6

Contacted Domains

Name	IP	Active
bg.microsoft.map.fastly.net	199.232.214.172	true
www.google.com	142.250.184.228	true
cs1227.wpc.alphacdn.net	192.229.221.185	true
ipfs.tech	169.150.247.39	true
fp2e7a.wpc.phicdn.net	192.229.221.95	true
ipfs.io	209.94.90.1	true
cdn.jsdelivr.net	unknown	unknown
logincdn.msftauth.net	unknown	unknown
cdn.glitch.global	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://logincdn.msftauth.net/shared/5/images/microsoft_logo_ee5c8d9fb6248c938fd0.svg	false	Avira URL Cloud: safe	unknown
https://ipfs.tech/favicon.ico	false	Avira URL Cloud: safe	unknown
https://ipfs.io/favicon.ico	false	Avira URL Cloud: safe	unknown
https://ipfs.io/ipfs/QmcZHgPdjzKZwSiGDPgHLVRcxMeWQsVgbWsmJC6BiQv1cS/	true		unknown

Name	Type	MD5	SHA1	SHA256
Chrome Cache Entry: 48	ASCII text, with no line terminators	92EADEE97762569915F013BCF763B7CE	00FD8372BB378DF48D7F565D7D601063A96053AA	48E22AA9033C1E0BD6778E0AAAF217417E2A60AB4BF5889525458921638815D9
Chrome Cache Entry: 49	Unicode text, UTF-8 text, with very long lines (65306)	94994C66FEC8C3468B269DC0CC242151	EC16BD19BF4AE9BC2E2336AC409A503BBBDAACAD	62F74B1CF824A89F03554C638E719594C309B4D8A627A758928C0516FA7890AB
Chrome Cache Entry: 50	PNG image data, 165 x 41, 8-bit/color RGB, non-interlaced	724468C1614507300A601E930EE3828D	4987C77512BE1D8EAAAEF59BCFB17F8A505C1D91	25789914C4415F6EA3F4C2054969B1CD2EAEA02F051C44DD9C0CF02D637DBDFD
Chrome Cache Entry: 51	PNG image data, 50 x 21, 8-bit/color RGB, non-interlaced	350BD2F9BE2C4606335D4524262E9CFF	8349346DEB8E3B704041425404FE658313C147EE	148F106FC77F420A9002CDF65BD26CE8812EF97BCAF994DB31FDEB212013CDB5
Chrome Cache Entry: 52	ASCII text, with very long lines (65447)	641DD14370106E992D352166F5A07E99	EDA46747C71D38A880BEE44F9A439C3858BB8F99	A0FE8723DCF55DA64D06B25446D0A8513E52527C45AFCB37073465F9C6F352AF
Chrome Cache Entry: 53	PNG image data, 55 x 18, 8-bit/color RGB, non-interlaced	84306B843A63D1D7CAABF8020FA9EDD2	43E7F881958ED1E483651906C7707410F44ABE39	0BE6112A7B37C6218662D17EFC0A2E6EEC913BE12A94B31AD9C5157553A9E397
Chrome Cache Entry: 54	PNG image data, 193 x 41, 8-bit/color RGB, non-interlaced	3AC5A352BD63387BC7CD05FC0D402D60	FEBF1D321D05455E2E5FE6D4A4C3FFE1B22CF4F2	AC43A240D01B1C830270768B5C7D8E7F1B41B6980808535F50AEE95EEBDEF736
Chrome Cache Entry: 55	PNG image data, 357 x 45, 8-bit/color RGB, non-interlaced	D9CB6B3C14A91E274480DDBD3B9D81CE	1677DFAE988D050E2F973C4B4B58525024E9ED4B	8974110D1EA1B91179D80B89C7E8CE8EA46EF6941890F5D21CCDD33401591949
Chrome Cache Entry: 56	PNG image data, 77 x 28, 8-bit/color RGB, non-interlaced	8F154DA726C6BA8BC249AF82FEC33250	B3E80E8B338BB07D767E7CA3AEDAE814864F5228	119191F22EA22FF461D6F4F4A13A451072AA736D31DB3B11F99379305E014D1B
Chrome Cache Entry: 57	MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel	EA7D143EFE3C01DE298F9F1130E8BCE5	4672164FAB3870DD901034ABCF3D35998AC94DBE	94A9FEFBBE42310C03FF1E52C1F753C21038805F632867EA78930A52C445A456
Chrome Cache Entry: 58	PNG image data, 47 x 21, 8-bit/color RGB, non-interlaced	37F919B2847B617763E8E404A0D3A4EE	4647AF89D27B824BDA8B58F255F9CD6BBC6F0A6E	9EEB371FBFF81AF820DEB5DB9A1C8C9E5AC9700FB594ED07C717AFB7AB992315
Chrome Cache Entry: 59	PNG image data, 50 x 21, 8-bit/color RGB, non-interlaced	350BD2F9BE2C4606335D4524262E9CFF	8349346DEB8E3B704041425404FE658313C147EE	148F106FC77F420A9002CDF65BD26CE8812EF97BCAF994DB31FDEB212013CDB5
Chrome Cache Entry: 60	PNG image data, 193 x 41, 8-bit/color RGB, non-interlaced	3AC5A352BD63387BC7CD05FC0D402D60	FEBF1D321D05455E2E5FE6D4A4C3FFE1B22CF4F2	AC43A240D01B1C830270768B5C7D8E7F1B41B6980808535F50AEE95EEBDEF736
Chrome Cache Entry: 61	HTML document, Unicode text, UTF-8 text, with very long lines (36285), with CRLF line terminators	8E7AC3CDCC7CEBB616D58A432829ECB9	25CB9ED4D4B5880517052E7A308C98D25701F623	EAF01F7C70028AD9A82D17F91B2293FFDE852C8B4DFA01A9511A33F5166A339D
Chrome Cache Entry: 62	PNG image data, 45 x 20, 8-bit/color RGB, non-interlaced	75CA17434579A6A886ED6021F143E16C	D734D9F81A1761F4E2BF8A1B6E1301BED934F8AD	D509A86793135D9691726E796B0263F49DF5187D7061755CB237E1EBB0B443A3
Chrome Cache Entry: 63	PNG image data, 110 x 36, 8-bit/color RGB, non-interlaced	9B0AA1B1E750E19A610E901FD4E3BF09	2647544E107BDE8E1A5EFBD16C321C1F43801EC0	A5699544C0922F1D41F3B41E98BEBB052F37058BFB1BB452EDB3279A87AB3F70
Chrome Cache Entry: 64	PNG image data, 228 x 41, 8-bit/color RGB, non-interlaced	F27B55D386478EDB8F2CD989E3120C02	A203DBEB7E625123BD4477AAEAF3EF4D589EBCDF	65F7095EA500B45DF83D69F5D938608B27B520D6BEB81B9719197289AA519D59
Chrome Cache Entry: 65	PNG image data, 47 x 21, 8-bit/color RGB, non-interlaced	37F919B2847B617763E8E404A0D3A4EE	4647AF89D27B824BDA8B58F255F9CD6BBC6F0A6E	9EEB371FBFF81AF820DEB5DB9A1C8C9E5AC9700FB594ED07C717AFB7AB992315
Chrome Cache Entry: 66	PNG image data, 45 x 20, 8-bit/color RGB, non-interlaced	75CA17434579A6A886ED6021F143E16C	D734D9F81A1761F4E2BF8A1B6E1301BED934F8AD	D509A86793135D9691726E796B0263F49DF5187D7061755CB237E1EBB0B443A3
Chrome Cache Entry: 67	PNG image data, 187 x 43, 8-bit/color RGB, non-interlaced	0A322A029ADC215634BDAE16370DE88A	086FD588FD6AAFFE10366039D7960299DD9EF7D8	F61DD53B762E700F864A3823E55FF65D791214B2908D2AC1D78C8945FABE6D65
Chrome Cache Entry: 68	PNG image data, 357 x 45, 8-bit/color RGB, non-interlaced	D9CB6B3C14A91E274480DDBD3B9D81CE	1677DFAE988D050E2F973C4B4B58525024E9ED4B	8974110D1EA1B91179D80B89C7E8CE8EA46EF6941890F5D21CCDD33401591949
Chrome Cache Entry: 69	PNG image data, 165 x 41, 8-bit/color RGB, non-interlaced	724468C1614507300A601E930EE3828D	4987C77512BE1D8EAAAEF59BCFB17F8A505C1D91	25789914C4415F6EA3F4C2054969B1CD2EAEA02F051C44DD9C0CF02D637DBDFD
Chrome Cache Entry: 70	PNG image data, 228 x 41, 8-bit/color RGB, non-interlaced	F27B55D386478EDB8F2CD989E3120C02	A203DBEB7E625123BD4477AAEAF3EF4D589EBCDF	65F7095EA500B45DF83D69F5D938608B27B520D6BEB81B9719197289AA519D59
Chrome Cache Entry: 71	PNG image data, 56 x 16, 8-bit/color RGB, non-interlaced	167B698229F1277572AEE79D0ADD5B8D	230E71F479581AE5025186B6996AC92D65FFF220	6B7695FC59EF2D66CF1BDFD3D475F6254650F8825CDC29AF80260EDA0F64237B
Chrome Cache Entry: 72	PNG image data, 110 x 36, 8-bit/color RGB, non-interlaced	9B0AA1B1E750E19A610E901FD4E3BF09	2647544E107BDE8E1A5EFBD16C321C1F43801EC0	A5699544C0922F1D41F3B41E98BEBB052F37058BFB1BB452EDB3279A87AB3F70
Chrome Cache Entry: 73	PNG image data, 187 x 43, 8-bit/color RGB, non-interlaced	0A322A029ADC215634BDAE16370DE88A	086FD588FD6AAFFE10366039D7960299DD9EF7D8	F61DD53B762E700F864A3823E55FF65D791214B2908D2AC1D78C8945FABE6D65
Chrome Cache Entry: 74	PNG image data, 55 x 18, 8-bit/color RGB, non-interlaced	84306B843A63D1D7CAABF8020FA9EDD2	43E7F881958ED1E483651906C7707410F44ABE39	0BE6112A7B37C6218662D17EFC0A2E6EEC913BE12A94B31AD9C5157553A9E397
Chrome Cache Entry: 75	SVG Scalable Vector Graphics image	EE5C8D9FB6248C938FD0DC19370E90BD	D01A22720918B781338B5BBF9202B241A5F99EE4	04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A
Chrome Cache Entry: 76	ASCII text, with very long lines (65299)	7CCD9D390D31AF98110F74F842EA9B32	A85E681624C91A106A514C31EACF80DE817B2CC3	F5210FA3E7F0245A4C51EB7F280092C0EF99FDD28C45E17DAB8CC5854FDF4FD3
Chrome Cache Entry: 77	PNG image data, 77 x 28, 8-bit/color RGB, non-interlaced	8F154DA726C6BA8BC249AF82FEC33250	B3E80E8B338BB07D767E7CA3AEDAE814864F5228	119191F22EA22FF461D6F4F4A13A451072AA736D31DB3B11F99379305E014D1B
Chrome Cache Entry: 78	MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel	EA7D143EFE3C01DE298F9F1130E8BCE5	4672164FAB3870DD901034ABCF3D35998AC94DBE	94A9FEFBBE42310C03FF1E52C1F753C21038805F632867EA78930A52C445A456
Chrome Cache Entry: 79	SVG Scalable Vector Graphics image	EE5C8D9FB6248C938FD0DC19370E90BD	D01A22720918B781338B5BBF9202B241A5F99EE4	04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A
Chrome Cache Entry: 80	PNG image data, 56 x 16, 8-bit/color RGB, non-interlaced	167B698229F1277572AEE79D0ADD5B8D	230E71F479581AE5025186B6996AC92D65FFF220	6B7695FC59EF2D66CF1BDFD3D475F6254650F8825CDC29AF80260EDA0F64237B

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://ipfs.io/ipfs/QmcZHgPdjzKZwSiGDPgHLVRcxMeWQsVgbWsmJC6BiQv1cS/	Avira URL Cloud: detection malicious, Label: phishing
Source: https://ipfs.io/ipfs/QmcZHgPdjzKZwSiGDPgHLVRcxMeWQsVgbWsmJC6BiQv1cS/	SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Phishing

AI detected phishing page

Source: https://ipfs.io/ipfs/QmcZHgPdjzKZwSiGDPgHLVRcxMeWQsVgbWsmJC6BiQv1cS/

LLM: Score: 8 brands: Microsoft OneDrive Reasons: The URL 'https://ipfs.io/ipfs/QmcZHgPdjzKZwSiGDPgHLVRcxMeWQsVgbWsmJC6BiQv1cS/' does not match the legitimate domain name for Microsoft OneDrive, which should be something like 'onedrive.live.com'. The use of IPFS (InterPlanetary File System) for hosting a OneDrive page is highly unusual and suspicious. The page mimics the appearance of a legitimate OneDrive page, which is a common social engineering technique used in phishing attacks. DOM: 0.0.pages.csv

Yara detected HtmlPhish10

Source: Yara match	File source: 0.0.pages.csv, type: HTML
Source: Yara match	File source: 0.1.pages.csv, type: HTML
Source: Yara match	File source: dropped/chromecache_61, type: DROPPED

AI detected suspicious javascript

Source: https://ipfs.io/ipfs/QmcZHgPdjzKZwSiGDPgHLVRcxMeWQsVgbWsmJC6BiQv1cS/

LLM: Score: 8 Reasons: The JavaScript code captures form data and sends it to an external URL (https://notmark.name.ng/dell/zob.php) via an AJAX POST request. This behavior is typical of phishing attacks where user credentials or other sensitive information are harvested. Additionally, the URL used does not appear to be associated with a legitimate or well-known service, increasing the likelihood of malicious intent. DOM: 0.0.pages.csv

Phishing site detected (based on image similarity)

Source: https://ipfs.io/ipfs/QmcZHgPdjzKZwSiGDPgHLVRcxMeWQsVgbWsmJC6BiQv1cS/

Matcher: Found strong image similarity, brand: MICROSOFT

Phishing site detected (based on logo match)

Source: https://ipfs.io/ipfs/QmcZHgPdjzKZwSiGDPgHLVRcxMeWQsVgbWsmJC6BiQv1cS/	Matcher: Template: onedrive matched
Source: https://ipfs.io/ipfs/QmcZHgPdjzKZwSiGDPgHLVRcxMeWQsVgbWsmJC6BiQv1cS/	Matcher: Template: microsoft matched

HTML body contains low number of good links

Source: https://ipfs.io/ipfs/QmcZHgPdjzKZwSiGDPgHLVRcxMeWQsVgbWsmJC6BiQv1cS/

HTTP Parser: Number of links: 0

HTML body contains password input but no form action

Source: https://ipfs.io/ipfs/QmcZHgPdjzKZwSiGDPgHLVRcxMeWQsVgbWsmJC6BiQv1cS/

HTTP Parser: <input type="password" .../> found but no <form action="...

HTML title does not match URL

Source: https://ipfs.io/ipfs/QmcZHgPdjzKZwSiGDPgHLVRcxMeWQsVgbWsmJC6BiQv1cS/

HTTP Parser: Title: does not match URL

Source: https://ipfs.io/ipfs/QmcZHgPdjzKZwSiGDPgHLVRcxMeWQsVgbWsmJC6BiQv1cS/

HTTP Parser: <input type="password" .../> found

Source: https://ipfs.io/ipfs/QmcZHgPdjzKZwSiGDPgHLVRcxMeWQsVgbWsmJC6BiQv1cS/	HTTP Parser: No favicon
Source: https://ipfs.io/ipfs/QmcZHgPdjzKZwSiGDPgHLVRcxMeWQsVgbWsmJC6BiQv1cS/	HTTP Parser: No favicon

Source: https://ipfs.io/ipfs/QmcZHgPdjzKZwSiGDPgHLVRcxMeWQsVgbWsmJC6BiQv1cS/	HTTP Parser: No <meta name="author".. found
Source: https://ipfs.io/ipfs/QmcZHgPdjzKZwSiGDPgHLVRcxMeWQsVgbWsmJC6BiQv1cS/	HTTP Parser: No <meta name="author".. found

Source: https://ipfs.io/ipfs/QmcZHgPdjzKZwSiGDPgHLVRcxMeWQsVgbWsmJC6BiQv1cS/	HTTP Parser: No <meta name="copyright".. found
Source: https://ipfs.io/ipfs/QmcZHgPdjzKZwSiGDPgHLVRcxMeWQsVgbWsmJC6BiQv1cS/	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 2.19.104.72:443 -> 192.168.2.4:49757 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.19.104.72:443 -> 192.168.2.4:49773 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /ipfs/QmcZHgPdjzKZwSiGDPgHLVRcxMeWQsVgbWsmJC6BiQv1cS/ HTTP/1.1Host: ipfs.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/images/microsoft_logo_ee5c8d9fb6248c938fd0.svg HTTP/1.1Host: logincdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ipfs.io/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: ipfs.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ipfs.io/ipfs/QmcZHgPdjzKZwSiGDPgHLVRcxMeWQsVgbWsmJC6BiQv1cS/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: ipfs.techConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ipfs.io/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /shared/5/images/microsoft_logo_ee5c8d9fb6248c938fd0.svg HTTP/1.1Host: logincdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: ipfs.techConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: ipfs.io
Source: global traffic	DNS traffic detected: DNS query: cdn.jsdelivr.net
Source: global traffic	DNS traffic detected: DNS query: cdn.glitch.global
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: logincdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: ipfs.tech

Source: chromecache_61.1.dr	String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/3.6.4/jquery.min.js
Source: chromecache_61.1.dr	String found in binary or memory: https://cdn.glitch.global/3b26bc0d-3c39-44da-a49e-84aefc634cd2/1.png
Source: chromecache_61.1.dr	String found in binary or memory: https://cdn.glitch.global/3b26bc0d-3c39-44da-a49e-84aefc634cd2/2.png
Source: chromecache_61.1.dr	String found in binary or memory: https://cdn.glitch.global/3b26bc0d-3c39-44da-a49e-84aefc634cd2/3.png
Source: chromecache_61.1.dr	String found in binary or memory: https://cdn.glitch.global/3b26bc0d-3c39-44da-a49e-84aefc634cd2/4.png
Source: chromecache_61.1.dr	String found in binary or memory: https://cdn.glitch.global/3b26bc0d-3c39-44da-a49e-84aefc634cd2/5.png
Source: chromecache_61.1.dr	String found in binary or memory: https://cdn.glitch.global/3b26bc0d-3c39-44da-a49e-84aefc634cd2/a.png
Source: chromecache_61.1.dr	String found in binary or memory: https://cdn.glitch.global/3b26bc0d-3c39-44da-a49e-84aefc634cd2/aa.png
Source: chromecache_61.1.dr	String found in binary or memory: https://cdn.glitch.global/3b26bc0d-3c39-44da-a49e-84aefc634cd2/b.png
Source: chromecache_61.1.dr	String found in binary or memory: https://cdn.glitch.global/3b26bc0d-3c39-44da-a49e-84aefc634cd2/c.png
Source: chromecache_61.1.dr	String found in binary or memory: https://cdn.glitch.global/3b26bc0d-3c39-44da-a49e-84aefc634cd2/d.png
Source: chromecache_61.1.dr	String found in binary or memory: https://cdn.glitch.global/3b26bc0d-3c39-44da-a49e-84aefc634cd2/e.png
Source: chromecache_61.1.dr	String found in binary or memory: https://cdn.glitch.global/3b26bc0d-3c39-44da-a49e-84aefc634cd2/f.png
Source: chromecache_61.1.dr	String found in binary or memory: https://cdn.jsdelivr.net/npm/bootstrap
Source: chromecache_76.1.dr, chromecache_49.1.dr	String found in binary or memory: https://getbootstrap.com/)
Source: chromecache_76.1.dr, chromecache_49.1.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/main/LICENSE)
Source: chromecache_76.1.dr	String found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)
Source: chromecache_61.1.dr	String found in binary or memory: https://logincdn.msftauth.net/shared/5/images/microsoft_logo_ee5c8d9fb6248c938fd0.svg
Source: chromecache_61.1.dr	String found in binary or memory: https://notmark.name.ng/dell/zob.php

Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778

Source: unknown	HTTPS traffic detected: 2.19.104.72:443 -> 192.168.2.4:49757 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.19.104.72:443 -> 192.168.2.4:49773 version: TLS 1.2

Source: classification engine

Classification label: mal76.phis.win@16/52@18/8

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 --field-trial-handle=2200,i,8465809809260521268,2692650552825108474,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://ipfs.io/ipfs/QmcZHgPdjzKZwSiGDPgHLVRcxMeWQsVgbWsmJC6BiQv1cS/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 --field-trial-handle=2200,i,8465809809260521268,2692650552825108474,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected